トピック
- 権限グループの概要
- Roles
- Capabilities
- switch_themes
- edit_themes
- edit_theme_options
- install_themes
- activate_plugins
- edit_plugins
- install_plugins
- edit_users
- edit_files
- manage_options
- moderate_comments
- manage_categories
- manage_links
- upload_files
- import
- unfiltered_html
- edit_posts
- edit_others_posts
- edit_published_posts
- publish_posts
- edit_pages
- read
- publish_pages
- edit_others_pages
- edit_published_pages
- delete_pages
- delete_others_pages
- delete_published_pages
- delete_posts
- delete_others_posts
- delete_published_posts
- delete_private_posts
- edit_private_posts
- read_private_posts
- delete_private_pages
- edit_private_pages
- read_private_pages
- delete_users
- create_users
- unfiltered_upload
- edit_dashboard
- customize
- delete_site
- update_plugins
- delete_plugins
- update_themes
- update_core
- list_users
- remove_users
- add_users
- promote_users
- delete_themes
- export
- edit_comment
- create_sites
- delete_sites
- manage_network
- manage_sites
- manage_network_users
- manage_network_themes
- manage_network_options
- manage_network_plugins
- upload_plugins
- upload_themes
- upgrade_network
- setup_network
- Resources
WordPress では、サイトの所有者が各ユーザーに対してサイト内で利用できる機能を管理するための「権限グループ」という概念を使用します。サイトの所有者は権限グループに各ユーザーを含めることでタスクへのアクセス権を管理できます。タスクには投稿の作成と編集、固定ページの作成、カテゴリーの作成、コメントのモデレート、プラグインの管理、テーマの管理、他のユーザーの管理 などがあります。
WordPress にはあらかじめ定義された6個の権限グループがあります。特権管理者、管理者、編集者、投稿者、寄稿者、購読者です。各権限グループのユーザーには、「権限」と呼ばれる一連のタスクの実行が許可されています。権限には “publish_posts”、“moderate_comments”、“edit_users” を含む多くの種類があります。権限グループにはあらかじめデフォルトの権限が設定されていますが、add_cap() 関数や remove_cap() 関数を使用して他の権限を付与または削除することもできます。add_role() 関数や remove_role() 関数を使用すると、新しい権限グループを導入または削除できます。
「特権管理者」権限グループに所属するユーザーはすべての権限を実行できます。他の各権限グループは、それぞれ制限された実行可能権限を持ちます。たとえば、「購読者」権限グループは “read” 権限のみを持っています。ある権限グループが、他の権限グループの上位に位置すると考えるべきではありません。むしろ、権限グループはサイトにおけるユーザーの責任を定義するものと考えてください。
権限グループの概要 権限グループの概要
- 特権管理者 – サイトネットワーク管理機能や他のすべての機能へアクセスできるユーザー。「ネットワークの作成」を参照してください。
- 管理者 (スラッグ: ‘administrator’) – シングルサイト内のすべての管理機能にアクセスできるユーザー。
- 編集者 (スラッグ: ‘editor’) – 他のユーザーの投稿を含むすべての投稿を公開、管理できるユーザー。
- 投稿者 (スラッグ: ‘author’) – 自身の投稿を公開、管理できるユーザー。
- 寄稿者 (スラッグ: ‘contributor’) – 自身の投稿を編集・管理できるが、公開はできないユーザー。
- 購読者 (スラッグ: ‘subscriber’) – プロフィール管理のみを実行できるユーザー。
WordPress をインストールすると、すべての権限を持つ「管理者」アカウントが自動的に作成されます。
新規ユーザーのデフォルトの権限グループを設定するには、管理画面 > 設定 > 一般設定を実行します。
Roles Roles
A Role defines a set of tasks a user assigned the role is allowed to perform. For instance, the Super Admin role encompasses every possible task that can be performed within a Network of virtual WordPress sites. The Administrator role limits the allowed tasks only to those which affect a single site. On the other hand, the Author role allows the execution of just a small subset of tasks.
The following sections list the default Roles and their capabilities:
Super Admin Super Admin
Multisite Super Admins have, by default, all capabilities. The following Multisite-only capabilities are therefore only available to Super Admins:
- create_sites
- delete_sites
- manage_network
- manage_sites
- manage_network_users
- manage_network_plugins
- manage_network_themes
- manage_network_options
- upgrade_network
- setup_network
In the case of single site WordPress installation, Administrators are, in effect, Super Admins. As such, they are the only ones to have access to additional admin capabilities.
Administrator Administrator
The capabilities of Administrators differs between single site and Multisite WordPress installations. All administrators have the following capabilities:
- activate_plugins
- delete_others_pages
- delete_others_posts
- delete_pages
- delete_posts
- delete_private_pages
- delete_private_posts
- delete_published_pages
- delete_published_posts
- edit_dashboard
- edit_others_pages
- edit_others_posts
- edit_pages
- edit_posts
- edit_private_pages
- edit_private_posts
- edit_published_pages
- edit_published_posts
- edit_theme_options
- export
- import
- list_users
- manage_categories
- manage_links
- manage_options
- moderate_comments
- promote_users
- publish_pages
- publish_posts
- read_private_pages
- read_private_posts
- read
- remove_users
- switch_themes
- upload_files
- customize
- delete_site
Additional Admin Capabilities Additional Admin Capabilities
Only Administrators of single site installations have the following capabilities. In Multisite, only the Super Admin has these abilities:
- update_core
- update_plugins
- update_themes
- install_plugins
- install_themes
- delete_themes
- delete_plugins
- edit_plugins
- edit_themes
- edit_files
- edit_users
- add_users
- create_users
- delete_users
- unfiltered_html
Editor Editor
- delete_others_pages
- delete_others_posts
- delete_pages
- delete_posts
- delete_private_pages
- delete_private_posts
- delete_published_pages
- delete_published_posts
- edit_others_pages
- edit_others_posts
- edit_pages
- edit_posts
- edit_private_pages
- edit_private_posts
- edit_published_pages
- edit_published_posts
- manage_categories
- manage_links
- moderate_comments
- publish_pages
- publish_posts
- read
- read_private_pages
- read_private_posts
- unfiltered_html (not with Multisite)
- upload_files
Author Author
Contributor Contributor
Subscriber Subscriber
Special Cases Special Cases
The following capabilities are special cases:
- unfiltered_upload – This capability is not available to any role by default (including Super Admins). The capability needs to be enabled by defining the following constant:
define( 'ALLOW_UNFILTERED_UPLOADS', true );
With this constant defined, all roles on a single site install can be given the unfiltered_upload capability, but only Super Admins can be given the capability on a Multisite install.
権限と権限グループ比較テーブル 権限と権限グループ比較テーブル
Note that the capabilities of Administrators differs between single site and Multisite WordPress installations, as described above .
Capability | Super Admin | Administrator | Editor | Author | Contributor | Subscriber |
---|---|---|---|---|---|---|
create_sites | Y | |||||
delete_sites | Y | |||||
manage_network | Y | |||||
manage_sites | Y | |||||
manage_network_users | Y | |||||
manage_network_plugins | Y | |||||
manage_network_themes | Y | |||||
manage_network_options | Y | |||||
upload_plugins | Y | |||||
upload_themes | Y | |||||
upgrade_network | Y | |||||
setup_network | Y | |||||
Capability | Super Admin | Administrator | Editor | Author | Contributor | Subscriber |
activate_plugins | Y | Y (single site or enabled by network setting) | ||||
create_users | Y | Y (single site) | ||||
delete_plugins | Y | Y (single site) | ||||
delete_themes | Y | Y (single site) | ||||
delete_users | Y | Y (single site) | ||||
edit_files | Y | Y (single site) | ||||
edit_plugins | Y | Y (single site) | ||||
edit_theme_options | Y | Y | ||||
edit_themes | Y | Y (single site) | ||||
edit_users | Y | Y (single site) | ||||
export | Y | Y | ||||
import | Y | Y | ||||
Capability | Super Admin | Administrator | Editor | Author | Contributor | Subscriber |
install_plugins | Y | Y (single site) | ||||
install_themes | Y | Y (single site) | ||||
list_users | Y | Y | ||||
manage_options | Y | Y | ||||
promote_users | Y | Y | ||||
remove_users | Y | Y | ||||
switch_themes | Y | Y | ||||
update_core | Y | Y (single site) | ||||
update_plugins | Y | Y (single site) | ||||
update_themes | Y | Y (single site) | ||||
edit_dashboard | Y | Y | ||||
customize | Y | Y | ||||
delete_site | Y | Y | ||||
Capability | Super Admin | Administrator | Editor | Author | Contributor | Subscriber |
moderate_comments | Y | Y | Y | |||
manage_categories | Y | Y | Y | |||
manage_links | Y | Y | Y | |||
edit_others_posts | Y | Y | Y | |||
edit_pages | Y | Y | Y | |||
edit_others_pages | Y | Y | Y | |||
edit_published_pages | Y | Y | Y | |||
publish_pages | Y | Y | Y | |||
delete_pages | Y | Y | Y | |||
delete_others_pages | Y | Y | Y | |||
delete_published_pages | Y | Y | Y | |||
delete_others_posts | Y | Y | Y | |||
delete_private_posts | Y | Y | Y | |||
edit_private_posts | Y | Y | Y | |||
read_private_posts | Y | Y | Y | |||
delete_private_pages | Y | Y | Y | |||
edit_private_pages | Y | Y | Y | |||
read_private_pages | Y | Y | Y | |||
unfiltered_html | Y | Y (single site) | Y (single site) | |||
unfiltered_html | Y | Y | Y | |||
Capability | Super Admin | Administrator | Editor | Author | Contributor | Subscriber |
edit_published_posts | Y | Y | Y | Y | ||
upload_files | Y | Y | Y | Y | ||
publish_posts | Y | Y | Y | Y | ||
delete_published_posts | Y | Y | Y | Y | ||
edit_posts | Y | Y | Y | Y | Y | |
delete_posts | Y | Y | Y | Y | Y | |
Capability | Super Admin | Administrator | Editor | Author | Contributor | Subscriber |
read | Y | Y | Y | Y | Y | Y |
Capabilities Capabilities
switch_themes switch_themes
- Since 2.0
- Allows access to Administration Screens options:
- Appearance
- Appearance > Themes
edit_themes edit_themes
- Since 2.0
- Allows access to Appearance > Theme Editor to edit theme files.
edit_theme_options edit_theme_options
- Since 3.0
- Allows access to Administration Screens options:
install_themes install_themes
- Since 2.8
- Allows access to Administration Screens options:
- Appearance > Add New Themes
activate_plugins activate_plugins
- Since 2.0
- Allows access to Administration Screens options:
edit_plugins edit_plugins
- Since 2.0
- Allows access to Administration Screens options:
install_plugins install_plugins
- Since 2.7
- Allows access to Administration Screens options:
- Plugins > Add New
edit_users edit_users
- Since 2.0
- Allows access to Administration Screens options:
edit_files edit_files
- Since 2.0
- Note: No longer used.
manage_options manage_options
- Since 2.0
- Allows access to Administration Screens options:
- Settings > General
- Settings > Writing
- Settings > Reading
- Settings > Discussion
- Settings > Permalinks
- Settings > Miscellaneous
moderate_comments moderate_comments
- Since 2.0
- Allows users to moderate comments from the Comments Screen (although a user needs the edit_posts Capability in order to access this)
manage_categories manage_categories
- Since 2.0
- Allows access to Administration Screens options:
- Posts > Categories
- Links > Categories
manage_links manage_links
- Since 2.0
- Allows access to Administration Screens options:
- Links
- Links > Add New
upload_files upload_files
- Since 2.0
- Allows access to Administration Screens options:
- Media
- Media > Add New
import import
- Since 2.0
- Allows access to Administration Screens options:
- Tools > Import
- Tools > Export
unfiltered_html unfiltered_html
- Since 2.0
- Allows user to post HTML markup or even JavaScript code in pages, posts, comments and widgets.
- Note: Enabling this option for untrusted users may result in their posting malicious or poorly formatted code.
- Note: In WordPress Multisite, only Super Admins have the
unfiltered_html
capability.
edit_posts edit_posts
- Since 2.0
- Allows access to Administration Screens options:
- Posts
- Posts > Add New
- Comments
- Comments > Awaiting Moderation
edit_others_posts edit_others_posts
- Since 2.0
- Allows access to Administration Screens options:
- Manage > Comments (Lets user delete and edit every comment, see edit_posts above)
- user can edit other users’ posts through function get_others_drafts()
- user can see other users’ images in inline-uploading [no? see inline-uploading.php]
- See Exceptions
edit_published_posts edit_published_posts
- Since 2.0
- User can edit their published posts. This capability is off by default.
- The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.
- If you don’t want a user to be able to edit their published posts, remove this capability.
publish_posts publish_posts
- Since 2.0
- See and use the “publish” button when editing their post (otherwise they can only save drafts)
- Can use XML-RPC to publish (otherwise they get a “Sorry, you can not post on this weblog or category.”)
edit_pages edit_pages
- Since 2.0
- Allows access to Administration Screens options:
- Pages
- Pages > Add New
read read
- Since 2.0
- Allows access to Administration Screens options:
- Dashboard
- Users > Your Profile
- Used nowhere in the core code except the menu.php
publish_pages publish_pages
- Since 2.1
edit_others_pages edit_others_pages
- Since 2.1
edit_published_pages edit_published_pages
- Since 2.1
delete_pages delete_pages
- Since 2.1
delete_others_pages delete_others_pages
- Since 2.1
delete_published_pages delete_published_pages
- Since 2.1
delete_posts delete_posts
- Since 2.1
delete_others_posts delete_others_posts
- Since 2.1
delete_published_posts delete_published_posts
- Since 2.1
delete_private_posts delete_private_posts
- Since 2.1
edit_private_posts edit_private_posts
- Since 2.1
read_private_posts read_private_posts
- Since 2.1
delete_private_pages delete_private_pages
- Since 2.1
edit_private_pages edit_private_pages
- Since 2.1
read_private_pages read_private_pages
- Since 2.1
delete_users delete_users
- Since 2.1
create_users create_users
- Since 2.1
- Allows creating new users.
- Without other capabilities, created users will have your blog’s New User Default Role.
unfiltered_upload unfiltered_upload
- Since 2.3
edit_dashboard edit_dashboard
- Since 2.5
customize customize
- Since 4.0
- Allows access to the Customizer.
delete_site delete_site
- Since 4.0
- Allows the user to delete the current site (Multisite only).
update_plugins update_plugins
- Since 2.6
delete_plugins delete_plugins
- Since 2.6
update_themes update_themes
- Since 2.7
update_core update_core
- Since 3.0
list_users list_users
- Since 3.0
- Allows access to Administration Screens options:
remove_users remove_users
- Since 3.0
add_users add_users
- Since 3.0
- Replaced in 4.4 with promote_users
promote_users promote_users
- Since 3.0
- Enables the “Change role to…” dropdown in the admin user list.
- This does not depend on ‘edit_users‘ capability.
- Enables the ‘Add Existing User’ to function for multi-site installs.
delete_themes delete_themes
- Since 3.0
export export
- Since 3.0
edit_comment edit_comment
- Since 3.1
create_sites create_sites
- Since 3.1
- Multi-site only
- Allows user to create sites on the network
delete_sites delete_sites
- Since 3.1
- Multi-site only
- Allows user to delete sites on the network
manage_network manage_network
- Since 3.0
- Multi-site only
- Allows access to Super Admin menu
- Allows user to upgrade network
manage_sites manage_sites
- Since 3.0
- Multi-site only
- Allows access to Network Sites menu
- Allows user to add, edit, delete, archive, unarchive, activate, deactivate, spam and unspam new site/blog in the network
manage_network_users manage_network_users
- Since 3.0
- Multi-site only
- Allows access to Network Users menu
manage_network_themes manage_network_themes
- Since 3.0
- Multi-site only
- Allows access to Network Themes menu
manage_network_options manage_network_options
- Since 3.0
- Multi-site only
- Allows access to Network Options menu
manage_network_plugins manage_network_plugins
- Multi-site only
- Allows access to Network Plugins menu
upload_plugins upload_plugins
- Since 4.0
- Multi-site only
- Allows user to upload plugin ZIP files from the Network Plugins -> Add New menu
upload_themes upload_themes
- Since 4.0
- Multi-site only
- Allows user to upload theme ZIP files from the Network Themes -> Add New menu
upgrade_network upgrade_network
- Since 4.8
- Multi-site only
- is used to determine whether a user can access the Network Upgrade page in the network admin. Related to this, the capability is also checked to determine whether to show the notice that a network upgrade is required. The capability is not mapped, so it is only granted to network administrators. See #39205 for background discussion.
setup_network setup_network
- Since 4.8
- Multi-site only
- is used to determine whether a user can setup multisite, i.e. access the Network Setup page. Before setting up a multisite, the capability is mapped to the `manage_options` capability, so that it is granted to administrators. Once multisite is setup, it is mapped to `manage_network_options`, so that it is granted to network administrators. See #39206 for background discussion.
Resources Resources
Plugins Plugins
- Members Plugin
- User Access Manager
- Advanced Access Manager
- User Role Editor
- WordPress User Role Editor
- Simple Membership Plugin
- View Admin As (manage & test roles)
Information Information
- WordPress Capabilities
- WordPress Roles and Capabilities at a Glance – A simplified visual representation of WordPress roles and capabilities
この記事は役に立ちましたか ? どうすればさらに改善できますか ?
フィードバックを送信するにはログインする必要があります。